| Recurring |
multiple_organization |
(a) The software failure incident related to bypassing fingerprint sensors using printed fingerprints has happened before at multiple organizations. The article mentions incidents involving Samsung Galaxy S6 and Huawei Honor 7 phones as examples where researchers were able to use printed 2D fingerprints to unlock the fingerprint recognition systems [41762].
(b) The software failure incident of bypassing fingerprint sensors using printed fingerprints has also occurred at other organizations. The article mentions a similar incident in 2013 where hackers were able to bypass the Touch ID by lifting the print from a glass surface and printing it, similar to the method used by researchers from Michigan State University [41762]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the vulnerability of fingerprint sensors to spoofing attacks. Researchers demonstrated how easy it is to bypass fingerprint sensors on smartphones by using printed fingerprints created with conductive ink cartridges, glossy paper, and an inkjet printer. This vulnerability highlights a design flaw in the fingerprint authentication systems of mobile phones [41762].
(b) The software failure incident related to the operation phase is evident in the misuse of fingerprint sensors. The articles describe how individuals can replicate fingerprints using materials like dental mold and Play-Doh to bypass the fingerprint sensors on iPhones. This misuse of the fingerprint sensors showcases a failure in the operational security of the devices [41762]. |
| Boundary (Internal/External) |
within_system, outside_system |
The software failure incident described in the articles can be categorized as both within_system and outside_system:
(a) within_system: The failure occurred within the system due to vulnerabilities in the fingerprint authentication systems of mobile phones. Researchers demonstrated how easy it was to bypass the fingerprint sensors by creating 2D fingerprint spoofs using conductive ink, glossy paper, and a standard inkjet printer [41762].
(b) outside_system: The failure was also influenced by factors outside the system, such as the physical vulnerabilities of fingerprint sensors to spoofing techniques involving common materials like dental mold and Play-Doh. These external factors allowed for the replication of fingerprints to bypass the security measures of devices [41762]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The articles discuss a software vulnerability related to fingerprint sensors on smartphones. Researchers have demonstrated how it is possible to trick an Android fingerprint sensor using office supplies and a printed fingerprint [41762]. This vulnerability allows individuals to bypass the fingerprint sensor by creating a replica of a fingerprint using conductive ink, glossy paper, and an inkjet printer. The incident of the fingerprint sensor being bypassed is a result of the inherent limitations or vulnerabilities in the sensor technology itself, rather than any direct human actions causing the failure.
(b) The software failure incident occurring due to human actions:
The articles also mention that the vulnerability in fingerprint sensors can be exploited through human actions such as lifting a fingerprint, scanning it, and then printing it out to create a replica that can bypass the sensor [41762]. Additionally, the article discusses how a person can use Play-Doh to replicate a fingerprint impression obtained from a dental mold, which can then be used to bypass an iPhone's fingerprint sensor [41762]. These actions involve manipulating physical materials and using them to deceive the fingerprint sensor, highlighting the role of human actions in exploiting the vulnerability of the sensor technology. |
| Dimension (Hardware/Software) |
hardware |
(a) The software failure incident occurring due to hardware:
- The incident described in the articles is related to a security vulnerability in fingerprint sensors used in smartphones, particularly Android devices like Samsung Galaxy S6 and Huawei Honor 7. The vulnerability allows attackers to bypass the fingerprint sensor using printed fingerprints created with conductive ink and glossy paper [41762].
(b) The software failure incident occurring due to software:
- The software failure incident in this case is not directly related to a software flaw or bug in the fingerprint sensor software itself. Instead, the vulnerability arises from the ease with which attackers can create fake fingerprints using hardware components like conductive ink, glossy paper, and printers. The software itself is functioning as designed, but the security of the system is compromised due to the ability to spoof fingerprints [41762]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the articles is malicious in nature. Researchers have demonstrated how it is possible to trick an Android fingerprint sensor using office supplies and a printed fingerprint, with the objective of raising awareness about the vulnerability of fingerprint authentication [41762]. The method involves creating 2D fingerprint spoofs that can successfully hack built-in fingerprint authentication in mobile phones, showcasing the ease with which these sensors can be bypassed by using common materials to lift and replicate fingerprints [41762].
(b) There is no indication of a non-malicious software failure incident in the provided articles. |
| Intent (Poor/Accidental Decisions) |
accidental_decisions |
The software failure incident described in the articles is related to accidental_decisions. The incident involves a vulnerability in fingerprint authentication systems that can be exploited by using simple methods like printing fingerprints with conductive ink, glossy paper, and an inkjet printer, or creating a replica of a fingerprint using Play-Doh and a dental mold. These methods demonstrate how easily the fingerprint sensors can be bypassed, highlighting unintended weaknesses in the security systems [41762]. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The articles do not mention any software failure incident related to development incompetence.
(b) The software failure incident related to accidental factors is the vulnerability of fingerprint authentication systems in mobile phones. Researchers demonstrated how easy it is to bypass fingerprint sensors using printed fingerprints created with conductive ink, glossy paper, and a standard inkjet printer [41762]. This vulnerability was exploited by lifting fingerprints and creating spoofs to unlock devices, highlighting the accidental introduction of security flaws in fingerprint authentication systems. |
| Duration |
unknown |
The articles do not mention any software failure incident related to either a permanent or temporary duration. |
| Behaviour |
omission, value, other |
(a) crash: The articles do not mention any software failure incident related to a crash.
(b) omission: The software failure incident related to omission is seen in the vulnerability of fingerprint sensors to being bypassed by printed fingerprints or Play-Doh replicas. The system omits to perform its intended function of accurately recognizing the user's fingerprint for authentication, allowing unauthorized access [41762].
(c) timing: The articles do not mention any software failure incident related to timing.
(d) value: The software failure incident related to value is evident in the system performing its intended function of fingerprint recognition incorrectly. The system incorrectly accepts printed fingerprints or Play-Doh replicas as valid authentication, compromising security [41762].
(e) byzantine: The articles do not mention any software failure incident related to a byzantine behavior.
(f) other: The other behavior observed in the software failure incident is the vulnerability of the fingerprint authentication system to being tricked by various methods involving printed fingerprints, conductive ink, glossy paper, and Play-Doh replicas. This behavior exposes a significant security flaw in the system's design and implementation [41762]. |